From: Chenghai Huang <huangchenghai2@huawei.com> The length of the input IV and key pointer cannot exceed the maximum length. Otherwise, memory overwriting occurs during the copy. Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> --- src/uadk_prov_cipher.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c index f6d1581..de3a62a 100644 --- a/src/uadk_prov_cipher.c +++ b/src/uadk_prov_cipher.c @@ -264,6 +264,11 @@ static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv, int cipher_counts = ARRAY_SIZE(cipher_info_table); int i; + if (ivlen > IV_LEN || keylen > MAX_KEY_LEN) { + fprintf(stderr, "invalid keylen or ivlen.\n"); + return UADK_E_FAIL; + } + if (iv) memcpy(priv->iv, iv, ivlen); -- 2.33.0